Re: [Cfrg] NIST crypto group and HKDF (and therefore TLS 1.3)

Dan Brown <danibrown@blackberry.com> Fri, 08 May 2020 20:49 UTC

Return-Path: <danibrown@blackberry.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A07A3A0F11; Fri, 8 May 2020 13:49:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=blackberry.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IonwI7YkKOzA; Fri, 8 May 2020 13:49:43 -0700 (PDT)
Received: from smtp-pc10.blackberry.com (smtp-pc10.blackberry.com [74.82.81.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7CD373A0EF6; Fri, 8 May 2020 13:49:37 -0700 (PDT)
Received: from pps.filterd (mhs400cnc.rim.net [127.0.0.1]) by mhs400cnc.rim.net (8.16.0.27/8.16.0.27) with SMTP id 048KnWdC187222; Fri, 8 May 2020 16:49:32 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=blackberry.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=corp19; bh=XlZ8g28gi34L+51raIBHyphyONSbwe5rciwRt+dm/yM=; b=eWPcw28kenKQo6ZqgZC+RFQo9RM1XZL2312orTjpJokO3fzGdf1PeL8iFsgUaAmNDt37 XQuQfle5SB1/0zBRoUEZc2beAtvxOQFyY1kMkiC4g/l98bWs5bSc0bRIf8fRmyZdI5l7 MzU6LCE+4MhE1o9jppk9USAgNlUPnCgicCX6pAgWZ/gM2rQgHidFOQS7H9q1B8DuNIbB oXi6VoYsVsiJZ2p69eiHOQoIrQPy9+LuQSt3o24aUAn5Au/iaMwb0ZSf6QJek0iLkb3q DU0/AgNLQ8ucLO1pA/2xLgeAVFahAjpJTM/7guJ/+zJw+eazhEnXAj4OuR+Nr9Hm2OZm ww==
Received: from xch211cnc.rim.net (xch211cnc.rim.net [10.3.27.116]) by mhs400cnc.rim.net with ESMTP id 30wc6p86dw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT); Fri, 08 May 2020 16:49:32 -0400
Received: from XCH210YKF.rim.net (10.2.27.110) by XCH211CNC.rim.net (10.3.27.116) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1913.5; Fri, 8 May 2020 16:49:32 -0400
Received: from XCH210YKF.rim.net ([fe80::81ca:ad34:fc3:5ce8]) by XCH210YKF.rim.net ([fe80::81ca:ad34:fc3:5ce8%5]) with mapi id 15.01.1913.007; Fri, 8 May 2020 16:49:32 -0400
From: Dan Brown <danibrown@blackberry.com>
To: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>, "tls@ietf.org" <tls@ietf.org>, "cfrg@ietf.org" <cfrg@ietf.org>
Thread-Topic: NIST crypto group and HKDF (and therefore TLS 1.3)
Thread-Index: AQHWJXY75SUMYNJzo0q8VSbsRy8U7aiep7QA
Date: Fri, 8 May 2020 20:49:31 +0000
Message-ID: <9bae52f88d99421cbae6ab362e52c0a3@blackberry.com>
References: <07D37E65-0951-49BB-B86E-BD3167ADB352@akamai.com>
In-Reply-To: <07D37E65-0951-49BB-B86E-BD3167ADB352@akamai.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [100.64.97.74]
Content-Type: multipart/signed; micalg=2.16.840.1.101.3.4.2.1; protocol="application/x-pkcs7-signature"; boundary="----=_NextPart_000_009A_01D62558.A4B58E80"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.216, 18.0.676 definitions=2020-05-08_18:2020-05-08, 2020-05-08 signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/b5KcOlkvK5BlnC3Y7TZ_XO_8A2A>
Subject: Re: [Cfrg] NIST crypto group and HKDF (and therefore TLS 1.3)
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 May 2020 20:49:50 -0000


> -----Original Message-----
> From: Cfrg <cfrg-bounces@irtf.org> On Behalf Of Salz, Rich
> Subject: [Cfrg] NIST crypto group and HKDF (and therefore TLS 1.3)
>
> NIST SP 800-56C (Recommendation for Key-Derivation Methods in Key-
> Establishment Schemes) is currently a draft in review.... with a deadline of
> May 15.  That is not a lot of time.  The NIST crypto group is currently 
> unlikely
> to include HKDF, which means that TLS 1.3 would not be part of FIPS. The
> CMVP folks at NIST understand this, and agree that this would be bad; they 
> are
> looking at adding it, perhaps via an Implementation Guidance update.

[DB] But NIST Draft SP 800-56Cr2 cites RFC 5869, which is HKDF, and says HKDF 
is a version of 56C Section 5.1. So, I had thought that 56C would allow HKDF. 
What am I missing?


----------------------------------------------------------------------
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.